Date: Thu, 13 May 93 16:58:34 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#041 Computer Privacy Digest Thu, 13 May 93 Volume 2 : Issue: 041 Today's Topics: Moderator: Dennis G. Rears Redistribution of E-Mail attained via research Right or Wrong? Re: Redistribution of E-Mail attained via research Right or Wrong? Re: Redistribution of E-Mail attained via research Right or Wrong? Re: Redistribution of E-Mail attained via research Right or Wrong? Re: Redistribution of E-Mail attained via research Right or Wrong? [Newsbytes Editorial] Caller Line ID Re: privacy vs banks (was: Re: I won one!) Re: Virginia Voters and SSNs SSAN use Re: driver's license for jurors (was: Re: SSN) The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Michael Hauben Subject: Redistribution of E-Mail attained via research Right or Wrong? Date: 4 May 93 18:35:20 GMT Organization: Columbia University Department of Computer Science In conducting research on the Net, I have often gotten requests from people who would like me to forward to them the private e-mail responses I have gotten via e-mail. What do people think about this? I usually have waited until I have finished the paper I was conducting the research for and then I send that paper to these people. Do people think sending e-mail received from others to anyone else without their prior permission would be considered a breach of privacy? Or is it a sharing of information? And also I might be interested in doing summaries of the information / answers I received via e-mail. Is there any proper Nettiquette towards producing summaries? Please respond publically so others can see what comes up. Thanks, -Michael Hauben -- ----------------------------------------------------------------------- | Michael Hauben CC '95 | E-mail me for sample copies of | | hauben@cs.columbia.edu | The Amateur Computerist Newsletter | | hauben@columbia.edu | & read the alt.amateur-comp newsgroup | ------------------------------ From: Ed Moore Subject: Re: Redistribution of E-Mail attained via research Right or Wrong? Date: 4 May 93 20:11:03 GMT Organization: Hewlett-Packard VCD Michael Hauben (hauben@cs.columbia.edu) wrote: >In conducting research on the Net, I have often gotten requests from >people who would like me to forward to them the private e-mail responses >I have gotten via e-mail. What do people think about this? Electronic flow of information shouldn't radically alter the ethics of handling that information. It is, of course, much easier to copy and send an e-mail than a paper mail, so the question arises more often. Would you copy information from paper mail and send it to another? It depends on the information. If someone sends you a letter stating that a Whizzy hard disk works in a SloMo PC if DIP switch #4 is off, I see no ethical problem with sharing that info with others. If the letter says, "I think Bill Gates is ," then sending that on is simply gossiping. There are several reasons why one may get information by e-mail that the sender would not have posted in a public newsgroup. 1) To save bandwidth. Not an inhibitor of sending the info to another. 2) To avoid unsolicited responses. If Jane Smith at MegaComp provides free support to an individual by e-mail, she may not want that fact known to every MegaComp customer who would also like to get some free support. I have occasionally stripped off the name, address and company of the sender and forwarded it to another. If someone wants to do this with my "free support" e-mail, that's fine with me. 3) Personal privacy. Most of us will divulge facts (about self or others) and express opinions *in private* that we would not divulge or express in a public forum. The recipient has no right to forward such information to another. My opinions, not HP's. Ed Moore Hewlett-Packard Vancouver, WA edmoore@vcd.hp.com ------------------------------ From: Brian Leibowitz Subject: Re: Redistribution of E-Mail attained via research Right or Wrong? Date: 4 May 93 20:51:02 GMT Organization: Netcom Online Communications Services (408-241-9760 login: guest) In article hauben@cs.columbia.edu (Michael Hauben) writes: >In conducting research on the Net, I have often gotten requests >from people who would like me to forward to them the private >e-mail responses I have gotten via e-mail. What do people think >about this? I usually have waited until I have finished the paper <...> > >And also I might be interested in doing summaries of the >information / answers I received via e-mail. Is there any proper >Nettiquette towards producing summaries? I have seen many request for information that state that they will post a summary or make the information available. This seems like the best method. Otherwise, it is best not to distribute anything without permision (I'm not comenting on the legality or distributing corespondence-I'm not sure of the legal situation. I just feel this is good manners.) BML ------------------------------ From: "Michael G. Reed" Subject: Re: Redistribution of E-Mail attained via research Right or Wrong? Date: 4 May 93 21:40:51 GMT Reply-To: reed@sunlab.cit.cornell.edu Organization: Cornell University In article , hauben@cs.columbia.edu (Michael Hauben) writes: |> these people. Do people think sending e-mail received from others |> to anyone else without their prior permission would be considered |> a breach of privacy? Or is it a sharing of information? Personally, I don't like the idea. I have heard at least one administrator here at Cornell say that one should not send anything in email (or post) that one wouldn't be embarrased to see on the front pages of the New York Times. Personally, I dislike this attitude, but the reality of the situation exists. (Then again, that same administrator had no problem sending email out of a student's account that wasn't authorized by the student - but hey, he OWNS the machines, so he can do ANYTHING he wants - at least that is his opinion.) Then again, I suppose these are also the people who wouldn't have a problem reading someone elses private email without invitation. My 2 cents, definitely not Cornells. -Michael ----------------------------------------------------------------------------- Michael G. Reed (mreed@Sunlab.CIT.Cornell.EDU) ----------------------------------------------------------------------------- When the going get's tough, the tough get going. ------------------------------ From: "Cynthia K. Wunsch" Subject: Re: Redistribution of E-Mail attained via research Right or Wrong? Date: 5 May 93 17:47:51 GMT Followup-To: news.misc,alt.amateur-comp,comp.privacy Organization: East Texas State University, Commerce, Texas Regarding posting summaries: I read the net and try to emulate the ones that seem to have the best format and style. Regarding forwarding email: I ask permission first, strip off all identifying information if requested, and delete any personal remarks. If the sender requests, I forward a copy of the edited message. Things like forwarded FAQs and other impersonal documents I forward after stripping off headers. -- Cynthia K. Wunsch Internet address: thalena@merlin.etsu.edu ------------------------------ From: Carl M Kadie Subject: [Newsbytes Editorial] Caller Line ID Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL Date: Fri, 7 May 1993 19:26:26 GMT Copyright 1992 by Newsbytes. Reposted with permission from the ClariNet Electronic Newspaper newsgroup clari.nb.telecom. For more info on ClariNet, write to info@clarinet.com or phone 1-800-USE-NETS. SAN FRANCISCO, CALIFORNIA, U.S.A., 1993 APR 30 (NB) -- By Robert Jacobson. It may be too late to resuscitate the corpse, but the chorus of mourners crying crocodile tears for Caller ID has recently risen in volume. Are the telephone companies at it again? Probably not. But it's remarkable nonetheless how many supposedly well-informed commentators are still repeating the nonsense that characterized the campaign for Caller ID, ignorant still of the many reasons why the service doomed itself. Caller ID was the modern technological tragedy. Recently, Newsbytes ran an editorial lamenting the many regulations and restrictions imposed on Caller ID by state authorities which, taken together, nailed the coffin on the beast. The author, recited the arguments once more vocally advanced by the telephone companies -- arguments such as Caller ID would in some way protect the personal privacy of telephone customers. I don't agree. For more than three years, as a senior policy analyst with the California Legislature, I studied Caller ID and its implications for personal privacy. My conclusion: Caller ID would not protect personal privacy. Far from it -- the service was designed as a tool for direct marketers and its implementation, had it succeeded, would have seriously eroded personal privacy for every telephone customer. There's nothing mysterious about these conclusions. From its inception, Caller ID was heralded by the telephone companies as a marketer's dream, the ideal way to collect information about customers and others who might call businesses equipped with the appropriate technology. Every time a limitation was imposed on Caller ID, making it possible (for example) for customers to suppress the automatic transfer of their identifying data, the telcos protested that this would destroy the "value" of the service. By value they meant the desirability of the service for the purpose of collecting personal information. Why would the telephone companies take this line? I asked this question of many telephone executives; few could provide a persuasive rationale for privacy protection. On the contrary, the intention of the telephone companies, quite baldly stated on several occasions, was to move the telephone industry into the center of commerce. The personal telephone number, possibly the single most important artifact of information possessed by most Americans, is the closest thing we have to a national identity code (next to the Social Security number, whose use is increasingly limited as an identifier and certainly prohibited to commercial application). If Caller ID, whose value depends on the use of telephone numbers as identifiers, was a success, the telephone companies would become the nexus of commercial transactions. Their own vast collections of data regarding customer calling patterns would additionally become more valuable. In all, telephone companies would become the transactors of more personal information than any other entities. What a boon not only for the telco revenues but also for their power within the economy. The personal privacy angle came into being after the telcos realized that not everyone was sympathetic to this strategy. So a bogeyman was invented: the harrassing or crank caller, who "invaded" the sanctity of the home via the telephone. Caller ID would prevent this invidious individual from getting "in." Far from it: with Caller ID, the easy passage of personal information including telephone calls would _increase_ the number of _telemarketing_ calls the individual would receive, a far more troubling activity if the complaints our office got from telephone customers was any indication. And there were plenty of other ways to track down and punish harrassing callers, like Call Trace, which didn't require the surrender of one's telephone number. But the phone companies resisted these available, less onerous measures. In fact, Caller ID can be easily circumvented by simply using an unsuspecting friend's phone or a public phone to execute the communication. When the unknown number shows up on the Caller ID screen, how is the recipient to know it's the person who has been bothering them for so long? Call Trace is a better technology for this purpose. Police forces in California were not favorably disposed toward Caller ID, either. They worried that angry telephone customers who had received a noisome phone call would track down whomever's telephone number showed up on the device and blow that person away, whether or not the individual was culpable of the crime. The telephone company might even be held liable for culpability, something few telephone executives -- cozied by years of living under protective anti-liability tariffs -- might have given more thought. Finally, had the telco execs (who do not take advice kindly) thought about it, making every phone call a potential giving away of one's most personal information, via the telephone number, would have the effect of suppressing use of the telephone, just when the industry was pushing the phone as the most essential device for partaking of the Information Age. Talk about cutting off your nose to spite your face! What killed Caller ID, ultimately, wasn't the restrictions imposed by state regulators but business's lack of interest. Caller ID relied upon a high "take" by telemarketers, direct marketers, and other commercial institutions who wanted access to telephone numbers. They already get enough information from 800 and 900 numbers, since those calls are self-screened by customers who want to conduct some sort of business transaction. Caller ID promised a deluge of information that only the very biggest organizations could sift through and employ. And the bad press surrounding Caller ID discouraged those institutions from getting in too deep. A great sigh of relief has been breathed by abuse shelters, police organizations, health providers, and others whose employees and clients might be put at direct risk through the disclosure of the telephonic identities (and via these identities, addresses and daily routines). But the demise of Caller ID has a larger, ironic outcome: the telephone companies are unencumbered by this loser of a service as they begin to offer new types of information services, for which enthusiastic public use will be a business requirement. So don't cry for the telephone companies. They're better off for having faced principled criticism that contained the damage Caller ID might have done. The lobbyists and executives who ingenuously fought for the service, so far as I know, are all doing well and have received promotions to make mischief somewhere else. A fairly dangerous confrontation, between technology and privacy, has been averted. If anything is to be lamented, it's all the time and energy that went into a foolish enterprise, an endeavor without a future whose inspiration was right out of Orwell's 1984, presented with an undeservedly friendly face. We know now to be more aware of technologists bearing gifts. Editor's Note: Robert Jacobson, Ph.D., is former principal consultant/staff director of the Assembly Utilities and Commerce Committee, California Legislature, 1982-1989. (Robert Jacobson/19930430) -- Carl Kadie -- I do not represent any organization; this is just me. = kadie@cs.uiuc.edu = ------------------------------ Date: Fri, 7 May 93 23:38:56 GMT From: Bear Giles Subject: Re: privacy vs banks (was: Re: I won one!) Organization: Forecast Systems Labs, NOAA, Boulder, CO USA In article Jonathan Thornburg writes: >In article Bear Giles writes: >>2. I asked about this and she said the bank _requires_ SSNs for any >> account. If I went in with $1000 in cash and tried to open a >> savings account, agreeing that 33% of all interest will be paid >> to the IRS (and 5% to Colorado) to cover any possible income tax, >> _they would refuse my business_. > >Indeed, they're required by law to get an SSN any time they pay interest. >This is so they can report the interest to the IRS, who can in turn >cross-match this with your tax return to make sure you report that >interest as income. If I agree to pay the maximum marginal tax rate, the IRS should be satisfied that _at least_ the proper amount of tax is being paid, without requiring my SSN. I know my previous bank had indicated that I did _not_ have to provide a SSN for my (existing) interest-bearing checking account, but if I declined they would withhold taxes on my interest. Besides, this argument is completely irrelevant for accounts which don't earn any interest. Requiring a SSN on all accounts, despite the customer offering to pay excess taxes in order to gain privacy, only makes sense if someone is trying to track all _assets_, not just taxes due. >I don't believe there's any law against >your obtaining cheques printed with your account number and the name >"Bill Clinton". Whether or not your financial institution will honor >them, of course, is up to them... Since I want checks the bank will honor, getting the first batch with a different name through them to establish precedence makes sense. >>4. When I handed over my standard "a condition of me doing business with >> you is _no_ _mailing_ _lists_" letter she said that the Bank did not >> release the names of its customers [ ... ] > >And you *believed* her? Why not? I made it very clear that this was a condition of me doing business with them. Any business which misrepresents itself to attract new accounts tends to find itself in deep trouble. Of course, the fact I haven't had problems with my car loan or Best Buys credit card issued through them tends to indicate she's telling the truth. >>I had also been told (when investigating banks) that I would be asked for >>a 4-digit identifying number -- they don't use readily available information >>like SSNs for checkcodes. I wasn't asked today, but this may be because >>this rep had recently started. > >I think you're thinking of a PIN for an ATM card. You only specify >this if/when you apply for such a card. No, I'm thinking of a passcode for the account. The ATM cards currently available are assigned PIN numbers by the bank, although effective later this month they'll be issuing new ATM cards and these cards will use PIN numbers specified by the customer. I actually received an ATM card with an expiration date of 6/93. -- Bear Giles bear@fsl.noaa.gov -- ------------------------------ From: vincent katherine m Subject: Re: Virginia Voters and SSNs Date: 9 May 1993 03:39:31 GMT Organization: Wake Forest University Craig Wagner (Craig.Wagner@p2.f120.n109.z1.fidonet.org) wrote: : A while back, some interest was shown in a court ruling against the : Commonwealth of Virginia's combined constitutional (if I recall : correctly) requirement of the use of a SSN to register to vote and : legislated policy of making such lists, along with the SSN, available : to the general public. Good grief ... No money to pay the programmers NOT to include the SSN on the public report? 8-( Should be a simple procedure to cut field on the posted list. : A week or two ago, while voting in a special election in Arlington, : Virginia, I noticed a list of voters, with their SSNs, posted on a wall : in the polling place. I wrote to the Board of Voter Registration the : next day to express my concern. I can't even get my company and their travel service, American Express, not to put my SSN on copies of trip itineraries. About the same time I was trying to change that (a fruitless effort), I learned that our Corporate Legal people didn't consider SSNs private information! My corporate American Express account number is more confidential than my SSN ... Different bottom lines ... Kathy ======================================================= K. M. Vincent vincekm9@ac.wfunet.wfu.edu Wake Forest University unix@wrddo.att.com AT&T ------------------------------ From: thomas ciccateri Subject: SSAN use Date: Sun, 9 May 93 3:42:41 MDT This month faculty of the College of Education were notified by their administration that they could no longer post students' final grades in the hallways since public exposure of students' ID numbers (SSANs) would be a violation of the Buckley Act. Other departments on campus have yet to pay any attention to either the letter or the spirit of the law. Tom Ciccateri University of New Mexico Training and Learning Technologies Div. ------------------------------ From: Mike Brokowski Subject: Re: driver's license for jurors (was: Re: SSN) Organization: Northwestern University, Evanston IL Date: Mon, 10 May 1993 23:59:50 GMT In article Jonathan Thornburg writes: >In article >| Charles Mattair writes: >| Texas has just started using DLs instead of voter registration rolls (there >| was a perception many people were not registering to avoid jury duty :-( ). >| >| The result has been, shall we say, a very mixed success. On the positive >| side, the pool of potential jurors is definitely up. Other positives >| include - actually, the courts and the DA say that's it. Negatives are: >| much higher rate of no-shows; lower average level of educational attainment; >| lower socio-economic status (that is, much higher percentage of un/under >| employeed); much higher percentage of undocumented workers and non-English >| speakers; jurors who serve but really don't participate in the process; in >| general, a lower quality juror pool. > >I was under the impression that few of these "negatives" were >constitutional grounds for disqualifying prospective jurors. Let's >see... perhaps we should only allow prison inmates to serve as jurors, >since that way we could really cut the rate of no-shows? Other than >not being a US citizen, it seems to me that *none* of the other >"negatives" you mention are relevant -- not being poor, not being less >educated, not not speaking English, and not being unenthusiastic. I don't see where anyone claims that these are "constitutional grounds for disqualifying prospective jurors." CM only judges them to be "negatives", which is not unreasonable, even if you disagree. Frankly, *I* would probably rather have juries that were educated (admittedly a bias) and who could understand the testimony presented without a substantial language barrier. A person's economic status probably doesn't have much to do with how well that person can interpret the relevant facts and laws involved in a legal proceeding, however. My question is whether the lists of those who qualify to serve or have served are publically available? Another poster notes that certain states have made drivers' license information un- available as public records, and voter information seems to be widely available. Where does jury information stand? A quick summary of known information on this would be nice. Mike Brokowski brokowski@nwu.edu >Indeed, in order for a jury system to be in any sense fair, it *must* >include a representative fraction of people who *are* poor, less >educated, don't speak English, etc. > >It must also include a representative fraction of people who don't have >driver's licenses, but the Texas "motor votor" law merely *adds* the >driver's license list to the other existing lists they already use, so >that's not a problem. > > >- Jonathan Thornburg (temporarily living in Texas, but not an USA citizen) > or > [until 31/Aug/93] U of Texas at Austin / Physics Dept / Center for Relativity > [thereafter] U of British Columbia / {Astronomy,Physics} > "One million Americans have two homes; four million Americans have no homes." > ------------------------------ End of Computer Privacy Digest V2 #041 ******************************